A collection of 41 issues

CVE-2022-36259 An SQL injection vulnerability in of InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.

The vulnerable code is present in the method ‘getConnectionFactory()’ which is responsible for connecting new user to InventoryManagementSystem. ConnectionFactory class is abstract and extends DatabaseConnection class. Therefore, it provides common methods like ‘getConnection()’, ‘setEncoding()’, etc. The getConnectionFactory() method receives an attacker-controlled string as an input which is vulnerable to SQL
1 min read

CVE-2022-21549 Oracle Java SE, Oracle GraalVM Enterprise Edition is affected by a vulnerability in the Libraries component. The vulnerability could allow a remote attacker to obtain system privileges.

by using the sendMessage API with a crafted object. The attacker cannot inject malicious code using the Java language, but can instead use scripting languages such as JavaScript or Python. When Graal runs untrusted code, Graal cannot ensure that the code has not been altered or compromised by a remote
2 min read
Subscribe to
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.